Chris Buechler wrote:
>On Mon, 14 Feb 2005 19:36:46 -0800, Jeffrey Goldberg
><jeffrey at goldmark dot org> wrote:
>
>
>> Both controlled and controlling computers receive all communications
>>through an
>> outgoing TCP connection using protocols and ports that can
>>transparently transit
>> almost all firewalls.
>>
>> No firewall changes are required, and you do not have to bypass or
>>compromise your
>> corporate or branch office firewall.
>>
>>It looks like they are "marketing" to end users who would install this
>>on their work machines to ask like a VPN to a particular machine.
>>
>>So here are a few of my questions for the m0n0 crowd.
>>
>>(1) Is this thing as evil as it looks?
>>
>>
>
>That was my first thought when I first saw it. Sounds like a good way
>to bypass corporate security measures. Citrix bought them though, and
>having a trustworthy name behind it made me somewhat change my opinion
>of it. (whether rightfully or not. ;) Still seems like a good way
>for unauthorized users to bypass corporate security measures though.
>
>Some of my clients are using it for remote access. They love it. I
>haven't really dug into the technical details, but it requires no open
>ports from the internet, and all runs over HTTPS I believe. Basically
>the agent on your machine keeps a connection to their system so when
>you log into their website you can log into your PC.
>
>
>
>
>>(3) How could one control such a thing?
>>
>>
>>
>
>Not very easily. Blocking HTTPS, if that indeed is what it uses, is
>one way, but probably not feasible for most. Lock down machines so
>users can't install things, but again difficult in many environments.
>Block access to the entire gotomypc.com domain, and any others it
>uses, if it relies upon DNS. Audit what is installed on your machines
>using some sort of automated asset management system.
>
>Not really a good answer... but I don't think there is one.
>
>-Chris
>
>
Why not simply discover what IPs their servers are on and block all
access to them??
Chris
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.8 - Release Date: 2/14/2005